Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: f7bd8d6bd8da
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 45b4e23a416c
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Jul 12, 2019

  1. glib: fix CVE-2019-13012 

    CVE-2019-13012 Description:

The keyfile settings backend in GLib before 2.59.1 creates directories
using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and
files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE,
G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).
Consequently, it does not properly restrict directory (and file) permissions.
Instead, for directories, 0777 permissions are used; for files, default file
permissions are used.

Patch Summary:

Changes the permissions when a directory is created,
using 700 instead 777 in gio/gkeyfilesettingsbackend.c
and changes test to run in a temp directory in gio/tests/gsettings.c.

Upstream Issue: https://gitlab.gnome.org/GNOME/glib/issues/1658
Upstream MR: https://gitlab.gnome.org/GNOME/glib/merge_requests/604

Fixes #64657
    @worldofpeace
    worldofpeace committed Jul 12, 2019
    Copy the full SHA
    35e28b4 View commit details
    Browse the repository at this point in the history

Commits on Jul 13, 2019

  1. Merge #64679: glib: fix CVE-2019-13012 (in staging-19.03)

    @vcunat
    vcunat committed Jul 13, 2019
    Copy the full SHA
    45b4e23 View commit details
    Browse the repository at this point in the history